Last updated: July 5, 2026
We keep cookies to a minimum: a few first-party cookies run the product, and analytics and advertising stay off until you accept them. Survey pages and the embeddable widget carry no analytics or advertising technology at all.
Cookies are small files a website stores on your device. We also use similar technologies, such as your browser's local storage. We group them as strictly necessary (the site can't work without them), functional (remembering your choices), analytics (helping us understand and improve the site), and advertising (measuring our ad campaigns so we don't waste them on the wrong people). Analytics and advertising cookies stay off until you accept them, and we never use cookies to sell your personal data.
We keep cookies to a minimum. Strictly-necessary and functional cookies are first-party and simply run the product. Anything that uses cookies or could identify you — analytics like Ahrefs, Google Analytics, and PostHog, and advertising like Google Ads and our own attribution cookie — sets nothing and can't identify you until you accept it in our cookie banner. We treat analytics and advertising as a single choice: accepting in the banner turns both on, declining keeps both off. Google's tag uses Consent Mode v2: it may load in a cookieless denied state, but writes no cookies and identifies no one until you accept. Ahrefs and PostHog are gated harder still — they do not load at all until you accept.
The one thing that runs by default is Vercel's cookieless, aggregate measurement of page performance, which sets no cookie and doesn't identify you. Survey pages (the /s/* links your respondents open) and the embeddable in-app widget load no analytics or advertising technology of any kind — no cookies, no pixels, no fingerprinting, and no page-performance scripts.
Here's what we use and why. The names and lifetimes of our authentication provider's cookies are set and managed by Clerk and may change. The Google entries are planned: they describe what the Google tag will do once we enable it, and it remains consent-gated either way.
| Cookie / technology | Provider | Category | Purpose | Expiry |
|---|---|---|---|---|
| __client_uat, __session (and related Clerk cookies) | Clerk | Strictly necessary | Keep you signed in and secure the dashboard. Set only on authenticated areas. | Set and managed by Clerk |
| fs_consent | FitSignal | Strictly necessary | Remembers your cookie choice (granted or denied) so we don't ask again. | 1 year |
| fitsignal-active-project and demo-mode cookies | FitSignal | Functional | Remember your selected project and whether you're exploring the read-only demo workspace in the dashboard. | Session to 1 year |
| PostHog (browser storage; no third-party cookie) | PostHog | Analytics (consent-gated) | Product analytics inside the signed-in app and on the marketing site, including session replay with all text and form inputs masked. Stored in your browser’s local storage, not cookies. Loads only after you accept. | Local storage |
| Ahrefs Web Analytics | Ahrefs | Analytics (consent-gated) | Aggregate, cookieless marketing-site traffic measurement. Sets no cookie and loads only after you accept. | No cookie set |
| Google Analytics 4 (_ga, _ga_<id>) | Analytics (consent-gated; when enabled) | Marketing-site traffic and conversion measurement. Uses Consent Mode v2: the tag may load in a cookieless state but sets no analytics cookie or identifier until you accept. | Up to 2 years | |
| Google Ads conversion (_gcl_*) | Advertising (consent-gated; when enabled) | Ad attribution and conversion measurement via Consent Mode v2: no advertising cookie or identifier is set until you accept. | Up to 90 days | |
| fs_attribution | FitSignal | Advertising (consent-gated) | First-party storage of ad click ids (such as the Google click id, gclid) and UTM campaign parameters so a later signup can be credited to the right ad. Set only after you accept. | 90 days |
| Vercel Analytics | Vercel | Analytics (cookieless) | Privacy-friendly page and performance metrics. Sets no cookie and is not consent-gated. | n/a |
When you first visit, our banner lets you accept or decline non-essential cookies — analytics and advertising together, as a single choice. You can change your mind at any time using the “Cookie settings” link in the footer; your choice is remembered for a year in the fs_consent cookie. Strictly-necessary cookies are always on because the site can't function without them.
Because the analytics and advertising technologies that use cookies or identify you stay off until you accept them, declining keeps them off entirely. You can also block or delete cookies in your browser at any time — though blocking strictly-necessary cookies may stop parts of the dashboard from working. We don't rely on Global Privacy Control or Do-Not-Track browser signals; instead, nothing non-essential runs unless you choose to opt in.
We may update this policy as our cookies or providers change; we'll update the “last updated” date above. The providers listed here, with what they process and where, are on our Subprocessors page at /subprocessors, and how we handle personal data generally is in our Privacy Policy at /privacy. Questions: support@fitsignal.com.
Related: Privacy Policy · Terms of Service · DPA · Subprocessors · Acceptable Use · Refund Policy